encrypting the global information infrastructure
TRANSCRIPT
FEATURE
Encrypting the Global Information Infrastructure
Dorothy E. Denning
I nformation. Global connectivity. Electronic commerce. Competition. Economic espionage.
Global organized crime. Chemical, biological, and nuclear weapons. Terrorism. Conflict. Economic and social instability. Violations of privacy and human rights. Erosion of trust. These are some of the global realities we live with today. They explain why cryptography must be an integral part of the Global Information Infrastructure to protect privacy, intellectual property, and financial assets, and to provide a foundation of trust for electronic commerce. They also explain why we ought to proceed thoughtfully in the deployment of this technology.
An encrypted Global Information Infrastructure (GII) is completely without precedent in world history. It is not the same as a private conversation on the beach. It allows individuals and groups, anywhere and anytime, to communicate securely across time and space. Nor is it the same as a locked door or filing cabinet. Locks can be picked and doors broken down. Unbreakable codes empower the individual to communicate and store records in total secrecy, beyond the reach of crooks and court orders alike. The concern is that while preventing many crimes, encryption will facilitate others, leading to large scale economic and human losses.
Encryption can be hazardous even to users. If keys are lost, valuable data can become inaccessible. In developing an encryption strategy for the GII, therefore, it is worthwhile to seek one that will meet the security and data recovery needs of users of the GII, but without
unnecessarily undermining the ability of governments to enforce the law and protect public safety and national security.
Most major countries, including the US and other New Forum (formerly COCOM) countries, regulate exports of encryption technology’. A few, including France, China, Israel, and Russia, regulate its import and use. These controls have limited, though not prevented, the spread of strong encryption to adversaries throughout the world. While this has helped protect vital national security interests, it has also hampered the widespread deployment of robust encryption technology to protect the legitimate interests of organizations and individuals, and it has threatened the economic competitiveness of companies in export-controlled countries. Businesses and government alike recognize that changes are needed to meet the security requirements for the GII, ensure a level playing field in the information technology global market, and still protect law enforcement and national security interests.
One approach that has received considerable attention both from governments and from the international business community involves archiving (or escrowing) keys with trusted third parties within a key management infrastructure. The archived keys would enable recovery of encrypted data by the owners of the data and by governments under due process of law and strict accountability. When combined with key escrow, strong encryption would be freely exportable and
“while preventing many crimes, encryption will facilitate others, leading to large scale economic and human losses”
importable in conformance with international standards and government-to-government agreements. The standards, which would apply to encryption products and key management services, would be developed through standards bodies with representation from industry and government. They would be open and non-discriminatory. Key agreements between
8 Computer Fraud & Security July 1996 0 1996 Elsevier Science Ltd
FEATURE
governments would allow governments to access key in foreign countries where necessary pursuant to criminal investigations, while preserving privacy rights and protecting against foreign espionage.
Encryption cannot be used effectively across the GII (or any network) without a key management infrastructure. Indeed, lack of a global infrastructure is one reason why the use of encryption is not more widespread. A key management infrastructure provides
“When combined with key escrow, strong encryption would be freely exportable and importable ”
signed certificates for public keys, certificate distribution, authentication of users, revocation and expiration of keys, time-stamping and notarization of electronic documents, dispute resolution, and key
archive. These services are performed by trusted entities, sometimes called trusted third parties, which ensure confidentiality, integrity, authenticity, non-repudiation, and availability of information and services. Public-key certificates are issued by a trusted certificate authority (CA), which first establishes proof of identity of the person owning the corresponding privitte key and then signs a certificate containing the user’s identity, public key, and period of validity.
Separate keys can be used for encryption (confidentiality protection) and digital signatures (authentication and non-repudiation), with separate certificates issued for each. With an escrowed infrastructure, issuance of a certificate for a public encryption key would be conditioned on archive of the corresponding private decryption key. The key holder cou Id be the CA itself or a separate key escrow authority.
Private signature keys need not be archived as they are not needed for data recovery. Use of an escrowed infrastructure and compatible products would be voluntary. The incentive would be access to strong, globally interoperable encryption systems and key management services that meet high standards of assurance for confidentiality, integrity, and data
recovery. Users would get extremely strong security and privacy for stored data and for international as well as domestic communications, backup protection for keys, assurance that their information will not be disclosed to governments or anyone else except under due process, and liability protection in case keys are compromised or misused. The information technology industry would get to export strong cryptography into a global market with a level playing field.
This article describe various initiatives to develop a key management infrastructure with key archive and recovery, how such an approach might work, and potential obstacles to approaches that would ensure government access.
Initiatives
Beginning with the Clipper initiative in 1993, the Clinton Administration has embraced an encryption policy based on key escrow with trusted third parties. This policy includes development of federal standards for key escrow encryption, adoption of key escrow within the federal government, and liberalization of export controls for key escrow encryption products. The objective has been to promote encryption in a way that does not unnecessarily undermine law enforcement and national security objectives, and to do so through export controls and government use of key escrow rather than mandatory controls on the use of encryption.
In the Clipper system, the escrow mechanism was independent of any key management infrastmcture2. The Administration is now proposing an approach where data recovery services would be integrated into the key management infrastructure and tied to the issuance of public-key certificates3. The goal is to allow ready export of any encryption product that uses an escrowed infrastructure regardless of algorithm, key length, or hardware or software
“the Clinton Administration has embraced an encryption policy based on key escrow with trusted third parties”
Computer Fraud 81 Security July 1996 0 1996 Elsevier Science Ltd
9
FEATURE
implementation. Existing export controls place severe restrictions on key length (40 bits for a general export licence), so this represents a significant advance. Keys could be held within the US or in any country which has a government-to-government key agreement with the US. Such agreements would recognize that authorized government access must be preserved consistent with the legally recognized privacy interests of the citizens of each country.
In the interim, until an escrowed key infrastructure is developed and agreements are in place, the Administration will continue its initiative to allow ready export of 64-bit software or go-bit hardware products with key escrow4. It will permit, prior to formal government-to-government agreements, exports of products that use an escrowed infrastructure to approved markets, consistent with policies of the destination country. Further, prior to establishment of a multinational infrastructure with key recovery, it will permit export of products which require the use of an escrowed infrastructure, on a case-by-case basis, to any destination with which the US has
government-to-government agreements.
In addition to allowing overseas escrow of keys, the policy would allow organizations to escrow their own keys if they can meet the performance requirements. The government proposes to seek legislation that would
“data recovery services would be integrated into the key management infrastructure and tied to the issuance of public-key certificates”
shield escrow authorities within an organization from internal pressures during an investigation. Legislation would also be sought to criminalize the unauthorized disclosure/use of
keys, authorize civil actions against those responsible, specify the circumstances in which keys could
be requested and released, and establish liability protections for key holders who exercise due prudence in fulfilment of their obligations.
Outside the US, Canada is building their public-key infrastructure using the Nortel Entrust product line for their underlying security architecture. Entrust supports optional key escrow through the certificate authorities. The certificate authority for an organization, which may be internal to the organization, holds the private keys of users when recovery is desired.
In Europe, the UK government is proposing to license trusted third parties
Y roviding encryption
services to the general public . The Trusted Third Parties (TTPs), which in some cases might be within a company, would hold and release the encryption keys of their clients under appropriate safeguards. The licensing regime would seek to ensure that TTPs meet criteria for liability coverage, quality assurance, and data recovery.
It would allow for relaxed export controls on encryption products that work with licensed TTPs. The private use of encryption would not be regulated. A system design for a key management infrastructure from Royal Holloway, UK will be tested in product demonstrations.
France has waived their licensing requirement on the use of encryption when keys are escrowed with government-approved key holders, effectively trading licenses on the use of encryption for licenses governing the operation of trusted third party services. To get a licence, an organization providing TTP services would have to operate in France.
The European Commission is proposing a project to establish a European-wide network of TTPs that would be accredited to offer services that support digital signatures, notarization, confidentiality, and data integrity. The trust centres, which would operate under the control of member nations, would hold keys that would enable them to assist the owners of data with emergency decryption or supply keys to their national authorities on production of a legal warrant. Australia is also considering the development of a key infrastructure with TTPs.
In recognition of the need for international coordination of encryption policy, the Organization for Economic Cooperation Development (OECD), which includes the US, Australia, Canada, Europe, Japan, and
10 Computer Fraud & Security July 1996 Q 1996 Elsevier Science Ltd
FEATURE
New Zealand, is drafting guidelines for cryptography policy that would promote encryption on the GII while balancing the needs of consumers, industry, public safety, and national security. The OECD has been working closely with several industry associations, including the Business-Industry Advisory Council (BIAC) to the OECD, the International Chamber of
“the policy would allow organizations to escrow their own keys if they can meet the performance requirements”
Commerce (ICC), the INFOSEC Business Advisory
Group (IBAG), and a quadripartite group consisting of the European Association of Manufacturers of Business Machines and Information Technology Industry (EUROBIT), the
Information Technology industry Association of Canada (ITAC), the Information Technology Industry Council (ITI) in the US, and the Japan Electronic Industry Development Association (JEIDA)6.
The guidelines, which are being prepared by a Group of Experts on Cryptography Policy under a pareut Group of Experts on Security, Privacy, and Intellectual Property Protection in the GII, are due to be completed by early 1997. While the guidelines will not require any particular approach, they are likely to provide a framework wherein encryption with key escrow could work internationally through international standards and government-to-government agreements.
The Open Group (formerly X/Open and OSF) is pursuing standards for a public-key infrastructure. They are working with law enforcement and other government agencies, as well as with the international business community, to build an infrastructure that would support key archive and recovery.
In all of these initiatives, certain basic principles are emerging as a foundation for making encryption widely avail;.ible on the GII. These include (1) robust and trusted security; (2) choice of encryption method, key length, and key holder; (3) open, market-driven
standards developed through international standards bodies with industry and government representation; (4) recognition of national responsibilities and regulations to protect privacy, promote commerce and economic well-being, maintain social order, and protect national security; (5) government access to the plaintext of encrypted communications and stored data under due process and strict accountability; (6) liability protection for the owners of encrypted data who escrow their keys and for key holders responding to legitimate government requests; and (7) international cooperation and harmonization of policies to the extent possible, with bilateral agreements so that a government can conduct an investigation within its jurisdiction even when the keys needed for decryption are held outside its borders. Each of these principles is to be interpreted in the context of the whole, where the needs of consumers, industry, and government are all valued and balanced with each other. Thus, free choice and market driven are relative to government regulations, but any regulations that are adopted must be such that users find the products and services meeting those regulations to be technically and legally acceptable.
Many of the difficulties in bringing forth the widespread use of encryption have less to do with encryption policy than with the lack of technology to facilitate its integration into applications and networks.
This is being remedied with the development, internationally, of cryptographic application programming interfaces (CAPIs), which allow the cryptographic functions to be isolated in modules separate from the rest of the software. CAPIs are playing a major role in experiments conducted under the International Cryptography Experiment (ICE), an informal international alliance of individuals and organizations working together to promote the international use of encryption that meets the needs of users and business as well as those of law enforcement and national security7. ICE calls for a series of experiments that demonstrate the international use of encryption in common applications.
How key escrow might work
With an escrowed infrastructure, a user’s private encryption key would be archived with a trusted key holder prior to issuance of the corresponding public key
Computer Fraud & Security July 1996 0 199fi Elsevier Science Ltd
11
FEATURE
certificate#. If the user’s certificate authority is the key escrow agent, then these operations can be done together. Otherwise, the CA would need proof that the key has been escrowed, say, through an escrow certificate digitally signed by the key holder.
Actual escrowing of keys could be performed offline, with the user physically present at the key archive site. Either the user can generate a random public-private key pair and give a copy to the escrow agent, or else the escrow agent can generate the key pair and give a copy to the user. All this can be done electronically so that the keys need never be in human readable form. For example, a user’s keys could be generated on a smartcard or PC card belonging to the user and then read into an escrow agent workstation, or they could be generated on the workstation and downloaded onto the card.
Standards for key holders would be developed to establish performance criteria for key integrity, confidentiality, accessibility, auditability, and recovery and use. They would help ensure that requests from government agencies were handled legally, expeditiously, and with confidentiality. If a law enforcement agency is conducting a wiretap, for example, it is important that the subject not be informed of the investigation, at least prior to completion. Entities meeting these standards would be certified or accredited in some way. Escrow agents would generally be in the private sector.
Users could choose any key holder that is certified as meeting the standards. They would not be forced to escrow their keys with their government. Nor would their government or any other government be able to get their keys at will. Government access to plaintext or keys would be strictly limited and subject to due process and international agreements. All such accesses would be audited. Through contracts and criminal law, key holders would be accountable for their actions and liable for abuses of keys. They would not, however, be liable for responding to lawful requests by owners or government officials operating under due process. Governments would be held accountable for their use of keys and data recovery services.
Qualifying organizations would be able to hold their
own keys as long as their internal key escrow services
meet the standards. This would provide assurance that the escrow unit would respond to court orders and maintain confidentiality of investigations of employees. The key holders would be protected from company internal pressures through appropriate legal safeguards. Self-escrow, however, is a difficult issue as it could potentially lead to a situation where government agencies could not conduct a surreptitious wiretap against a criminal or terrorist organization. Some mechanism is needed to minimize the chances of such a group qualifying as an escrow agent.
Key escrow agents must provide a high level of assurance that keys are not compromised or misused. This can be achieved through a variety of safeguards including auditing, separation of duties, access controls, physical security, encryption, and trusted operating systems. One control that is particularly effective is to split the keys into components, with each component controlled by a different group of people so that trust is not concentrated in a single entity. Then a key cannot be misused without collusion. Some technological approaches
“The European Commission is proposing a project to establish a European-wide network of TTPS”
to key escrow would allow the user to split a key and escrow it with separate entities in such manner that the entities can, without combining their parts, verify that their components would together form the user’s private key. In some cases, data recovery is possible without ever re-assembling the private key; instead, the key holders share in the decryption of the message key (or plaintext).
With key escrow, data recovery is possible through services provided by the key holders and information transmitted or stored with the encrypted data. An encrypted message, for example, could contain a header with the message key encrypted under the public encryption key of each recipient’. Access is then
possible using the private encryption key of any recipient (by default, the sender can also be a recipient so that access is possible through the sender’s key). The
12 Computer Fraud & Security July 1996 0 1996 Elsevier Science Ltd
FEATURE
key holders could either release the private encryption key or use it to decrypt and release the message key. The data are then decrypted with the message key.
I’he data recovery services provided by key escrow agents would be available to the owners of the keys and to government officials with the legal authority to access the encrypted data. Owners would have to prove their identity and rights to the keys. In the case of a corporation or other type of organization, designated officers of the organization would have permission to
obtain the keys of employees on behalf of the
“cryptographic organization. This is essential to protect against
application the death, termination, or loss of an employee and to
programming enable criminal
interfaces . . . . investigations of an
allow the” employee. Government agencies would similarly have to establish their legal authority, normally
through a court order, to a key and the information that will be decrypted with it. If the escrow agent is in a foreign country, the government of the country seeking access would additionally need an agreement with the foreign government that would allow access, possibly subject to approval by the foreign government.
In the case of stored data, there are obvious benefits to owners for archiving keys: if the keys are lost, the data is3 lost. For certain types of communications, for example real-time network connections, key escrow has no obvious benefits to the owners: if the keys are lost, new keys can be generated and the data retransmitted. Indeed, with some protocols, keys are generated on the fly and discarded when the connection is closed. However, retransmission is not possible with all forms of communication. In the case of electronic mail, for example, there would be no guarantee of the sender retaining the original message. Phone calls would be similar when the receiver is a voice mailbox and the message is recorded for later playback. Thus, key escrow is also useful to the owners of certain types of encrypted communications, but there may be some applic;.ttions where it would not be selected by choice, particularly if it added to the cost.
In order to accommodate import and export of strong encryption and user choice of key holders, mutual assistance agreements would be established between countries. These agreements would give governments access to foreign data recovery services, though not necessarily direct access to keys or key holders. That way, a government can get access to data encrypted with products that are exported from or imported into its borders in the case of a major criminal or terrorist investigation falling within its jurisdiction. Under such agreements, a multinational company or any company with foreign offices would be able to escrow its keys in its home country if so desired. Access to keys by foreign governments would be very tightly controlled to protect users from foreign espionage.
Encryption products which operated only with an escrowed key infrastructure would be generally exportable and importable. Unlike the situation under current regulations, key length would not be a factor for exportability. Thus, users would have access to strong encryption systems both for domestic and for international use. Standards for algorithms and implementations would be set by standards groups.
The above outlines one possible approach to a global key management infrastructure with key escrow. There are, of course, many issues and details to be worked out, including international agreements, standards, liability protection, certification of escrow agents, self escrow, legislation, and how or whether escrow fits into specific applications.
These are being addressed by the OECD and individual governments in collaboration with industry and other interested parties. The American Bar Association is addressing the nature of contractual arrangements for key escrow.
Potential obstacles to key escrow with government access
Although the international business community has been generally supportive of efforts to find a balanced, international approach that would accommodate government access, much of that support has been motivated by export controls. Under such controls, an approach based on key escrow offers a possible way forward toward widespread availability of strong
Computer Fraud 81 Security July 1996 0 1996 Elsevier Science Ltd
13
FEATURE
encryption, global interoperability, and a level playing field in the encryption and information technology markets. However, if export controls were dropped, then industry support for accommodating government access could diminish substantially. There would still be interest in key escrow, but only so far as it serves the data recovery needs of users and is totally optional (i.e. not required for export or for use of the key management infrastructure).
Within the USA, there has been considerable pressure from the information technology industry to lift export controls on encryption on grounds that they harm the competitiveness of IJS industry in the global market. As a result of that pressure, bills have been introduced in the Senate and House to lift export controls (S. 1587,
S. 1726, and H.R. 3011 [lo]). Thirty-seven members
“safeguards including auditing, separation of duties, access controls, physical security, encryption, and trusted operating systems”
of the House sent a letter to President Clinton on 15 May 1996 asking him to abandon his Administration’s
key escrow
encryption policy proposal and
immediately liberalize export controls on non-key escrow encryption programs and products. The bills offer no alternative mechanism for protecting public
safety and law enforcement interests. If passed, they would likely undermine efforts at finding a balanced approach, accelerate the spread of unbreakable encryption, and aggravate the problems for law enforcement here and in other countries. While attempting to satisfy the economic objectives of US industry, they could ultimately subvert those same objectives by facilitating economic crimes. On 7 June 1996 Senators Specter and Kerrey sent a letter to Senator Leahy, sponsor of both Senate bills, recommending that Congress proceed cautiously with the legislative initiative so that its full implications could be discerned. They noted that industry representatives are meeting with the Administration to
address the issues and that both Congress and the Administration are reviewing the congressionally-mandated study conducted by the National Research Council’ ’ .
US business is understandably concerned about export controls. Many countries have more liberal controls than in the US, giving their companies a competitive advantage. For example, several New Forum countries allow ready export of mass market and public domain encryption software (e.g. DES and RSA, which are tightly controlled in the US), as permitted by the old COCOM agreements. There have been reports that Japan is allowing export of 1024-bit RSA in hardware12, however, Japanese officials have said that they are still controlling exports.
As a result, the global market for products that use encryption is not a level playing field. Although import controls, trust in supplier, and overall product desirability dampen the effect of export restrictions, exportability is nevertheless a factor in industry competitiveness. If accepted by all major countries, the key escrow approach outlined here, with international standards for strong, exportable encryption products and services, could even out the playing field so that export controls are not a major factor in sales. However, if countries which have a substantial information technology industry do not agree to the approach, then those that do could be at a competitive disadvantage.
Another potential obstacle to widespread use of key escrow is acceptability. Large scale deployment of key escrow introduces some risk into the infrastructure. Key escrow is not likely to be accepted unless users are convinced that these risks have been made negligible through technical, legal, and procedural safeguards, and that they will be able to recover losses in case of abuse. Users will
“law enforcement and national security interests are too important to dismiss key escrow”
want to be able to pick key holders they trust. They will want assurances that key escrow will not be exploited
14 Computer Fraud & Security July 1996 0 1996 Elsevier Science Ltd
FEATURE
by corrupt governments to violate human rights and that government-to-government agreements will not make them vulnerable to foreign espionage. Even with these safeguards and assurances, some people may see any form of mandatory key escrow as an affront to human dignity or right to privacy. The approach outlined here would not require that users escrow their keys, however, persons not doing so would be unable to take advantage of the escrowed security infrastructure for global interoperability.
Key escrow also adds to the cost and complexity of the security infrastructure. Although the infrastructure must support some form of escrow anyway to support consumer and business needs for data recovery, requirements for government access will increase the cost by some factor, particularly if the requirements lead to regulation of escrow agents or use of escrow in situations where consumers and businesses do not need it. If criminals and terrorists do not use escrow, at least for their internal communications (they may use it to intemperate with the rest of the world), then the extra costs to provide for government access may not be justified.
1;ven if an escrowed infrastructure is developed and accepted by many users, an unescrowed key infrastructure could emerge as an alternative. Such an infrastructure could support global interoperability for an encryption system such as Pretty Good Privacy (PGE’), which is available worldwide over the Internet despite export controls, or for strong encryption products developed in a country without export controls.
Indeed, PGP already has an informal public-key infrahtructure based on a web of trust model under the control of users. Given the cost and complexity introduced by key escrow and the need to develop international standards and agreements to make it work, an ahemative, unescrowed infrastructure could emerge anyway to fill an immediate need for a public-key infrastructure. It is also possible that there will be no singIl:: key infrastructure, but rather several, some escrowed and some not. These could arise in the context of specific applications such as electronic mail,
electronic payments, and Internet Protocol (IP) level encryption.
The National Research Council study recommended against an aggressive approach to key escrow, arguing in part that it is untested, at least on a large scale. However, an intensive effort will help resolve the policy issues, establish an appropriate legal framework, promote development of key escrow products and services, encourage establishment of trusted third parties, and test various approaches. Moreover, internationally, businesses and government are rapidly acquiring operational experience with key escrow as organizations install a data recovery capability to protect their own assets. An escrowed infrastructure is integral to several encryption products and application environments, including the Defence Messaging System, which eventually will support about two million users, Nortel Entrust, and PC Security Stoplock KE, which is being used by Shell Group enterprises worldwide to meet their confidentiality, integrity, and data recovery needs.
Conclusions
Cryptography policy must promote the use of strong encryption on the GII, but without unnecessarily hindering criminal and terrorist investigations. Thus, it is important that we continue efforts to develop an escrowed key infrastructure based on voluntary use and international standards and agreements. Doing so will help establish a basis for confidence in key escrow. It will also demonstrate the value of key escrow to users for data recovery and to governments for investigating cases of crime and terrorism. If key escrow can be shown to be safe, valuable to users and society, and cost effective, then it likely will be accepted and adopted widely. If not, then it will be properly rejected on the basis of evidence, not emotion. But until an alternative mechanism is found which adequately balances commercial needs with law enforcement requirements, key escrow remains, above all other considerations, the only show in town. The law enforcement and national security interests are too important to dismiss key escrow at this time, and key escrow offers a potential way forward toward a safe and secure GII.
Computer Fraud & Security July 1996 0 1996 Elsevier Science Ltd
15
FEATURE
References and notes
’ For a description of cryptography regulations and their effect on the market, see “A Study of the International Market for Computer Software with Encryption”, prepared by the US Department of Commerce and the National Security Agency, 1996; also James P. Chandler, “Identification and Analysis of Foreign Laws and Regulations Pertaining to the Use of Commercial Encryption Products for Voice and Data Communications”, Proc. International Cryptography Institute 1995: Global Challenges, National Intellectual Property Law Institute, 21-22 September 1995.
2 For a description of Clipper and its key escrow system, see Dorothy E. Denning and Miles Smid, “Key Escrowing Today, ” IEEE Communications, Vol. 32,
No. 9, Sept. 1994, pp. 58-68. Available through Dorothy Denning’s Cryptography Project page on the world wide web: http://
www.cosc.georgetown.edu/-denninglcrypto.
’ “Enabling Privacy, Commerce, Security and Public Safety in the Global Information Infrastructure”, draft paper issued by the Office of Management and Budget, 17 May 1996. Available through the Cryptography Project (supra note 2).
‘For a discussion of the Administration’s 64-bit software key escrow initiative, see Dorothy E. Denning and William E. Baugh, Jr., “Decoding Encryption Policy”, Security Management, February
1996, pp. 59-63, available through The Cryptography Project (supra 1); or see Dorothy E. Denning and William E. Baugh, Jr., “Key Escrow Encryption
Policies and Technologies”, Infbrmation Systems Security, Vol. 5, No. 2, Summer 1996, pp. 44-51.
5 Paper on Regulatory Intent Concerning Use of Encryption on Public Networks, issued by the Department of Trade and Industry, 10 June 1996. Available through the Cryptography Project (supra note 2).
6 At a Business-Government Forum sponsored by the OECD-BIAC-ICC in December 1995, IBAG issued a statement of 17 principles supporting a key escrow approach and calling for industry-led voluntary,
consensus, international standards. The Quadripartite group issued a similar statement calling for harmonization of national cryptography policies and industry-led international standards. Both statements are available through the Cryptography Project (supra note 2).
’ Information about ICE is available through The Cryptography Project (supra note 2) or http://www.tis.com.
8 This section sketches one possible approach to key escrow. For a taxonomy of key escrow features and options, see Dorothy E. Denning and Dennis K. Branstad, “A Taxonomy of Key E Escrow
Encryption”, Communications of the ACM, Vol. 39, No. 3, March 1996, pp. 34-40. Available through the Cryptography Project (supra note 2).
9 Normally, a message is encrypted using a symmetrical (single-key) al gorithm such as the Data Encryption
Standard. Asymmetrical (public-key) encryption is used to transfer the session key from the sender to the receiver or to establish the session key through an interactive protocol between the two parties.
‘%ull text of the Senate and House bills is available through the Cryptography Project (supra note 2).
“Kenneth Dam and Herbert Lin, editors, Cryptography’s Role in Securing the Information Society, National Research Council, National Academy Press, 1996. Available through the Cryptography Project (supra note 2).
12A subsidiary of Nippon Telephone and Telegraph has begun the manufacture and shipment of encryption chips with 1024-bit RSA. See statements by Jim Bidzos, president of RSA Data Security Inc. and James Barksdale, President and CEO of Netscape Communications Corp. before the Senate Committee on Commerce, Science & Transportation, Subcommittee on Science, Space & Technology, 12 June 1996.
16 Computer Fraud & Security July 1996 0 1996 Elsevier Science Ltd